CredHub and Secure Credential Management
Scott Frederick
@scottyfred
Peter Blum
@_pblum
Agenda
CredHub
Why?
What?
Use cases
BOSH credentials
Application service binding credentials
Why?
CredHub
Configuring Credentials
Verizon: Phone numbers,
names and pin codes of
six million customers were
left unsecured online for
nine days.
Accenture: Inadvertently left
a massive store of private
data across four unsecured
cloud servers, exposing highly
sensitive passwords and secret
decryption keys.
Equifax: Website
Secured By The Worst
Username And
Password Possible -
`admin`, `admin`
Viacom: Owners of
Paramount Pictures, Comedy
Central, MTV, and hundreds
of other properties—has
exposed the keys to its
kingdom on an unsecured
Amazon S3 server.
Leaked Credentials
Uber: Breach occurred when hackers
discovered that the company's
developers had published code that
included their usernames and
passwords on a private account of
the software repository Github.
OneLogin
breached: Hacker
finds cleartext
credential
notepads
Deloitte is a
sitting duck:
VPN and proxy
'login details
leaked'
Using Credentials
Equifax: Hackers
roamed its systems
undetected from
mid-May through late
July 2017, accessing
files on nearly half
the U.S. population.
14 Years to Discover
Data Breach:
Tewksbury Hospital in
Massachusetts, where a
clerk inappropriately
accessed the records
of more than 1,000
patients between 2003
and 2017
Compromised Data goes undetected
for days:
According to the latest Protenus
Breach Barometer, it took an
average of 441 days for
organizations to find out a breach
occurred.
Central point for Credential:
- Generation
- Storage
- Rotation
- Logging
- Access Control
Goals
[Diagram labels: Time, Credential Config, Credential Leaks]
User Groups
CredHub
CLI
BOSH
REST API
Operations - Infrastructure As Code
Developers - SPRING!
What?
CredHub
Architecture
CredHub
CLI
BOSH
REST API
Authentication
Provider
Encryption
Provider
(HSM)
Backing SQL
Database
Credential Types
value - a simple string, used for configuration and other non-generated properties
password - a simple string, used for generated secrets
user - username and password pair
json - a JSON object
certificate - an object containing a root CA, certificate and private key
rsa - an object containing an RSA public key and private key
ssh - an object containing an SSH-formatted public key and private key
http://docs.cloudfoundry.org/credhub/credential-types.html
REST API
- Secured via Mutual TLS, and/or OAuth2 with UAA
- Get/Set/Generate/Delete Credential
- Get/Add/Delete Permission
- Interpolate VCAP_SERVICES
https://credhub-api.cfapps.io
Java mapping to CredHub REST API
● supports all credential types and operations
Spring Boot auto-configuration support
Apps deployed to CF with Java Buildpack automatically negotiate mutual TLS
1.0.0.RELEASE coming soon
BOSH Credentials
Use Cases
BOSH Deployments
CredHub
BOSH Generate Cred
Deploy
Manifest
Backing SQL
Database
Store Cred
Return Cred
Deployed
Service with
Deploy Service
$ bosh -e pcf -d pcf manifest
BOSH Benefits
Simplified Deployment
Manifests
vs
Relax Access to BOSH
Director
Enables Sharing of
Deployment Manifests
$ bosh -e pcf -d pcf manifest
vs
Availability
Starting with Release Version 262
Starting in Pivotal CF 1.11
● Ops Manager deploys CredHub with BOSH director
Secure Service Binding
Credentials
Use Cases
Service Bindings
$ cf create-service service-name plan service-instance-name
$ cf bind-service app-name service-instance-name
"credentials": {
  "uri": "https://service-6yQVNrhZVP.example.com",
  "username": "VofTuQk2BH",
  "password": "fRqah7Wygi" }
Create Instance
Provision Resources
Details
Cloud
Controller
Service
Broker
Create Binding Generate Credentials
Credentials
Cloud
Controller
Service
Broker
Service Bindings
$ cf env app-name
"VCAP_SERVICES": {
  "service-name": [{
    "credentials": {
      "uri": "https://service-6yQVNrhZVP.example.com",
      "username": "VofTuQk2BH",
      "password": "fRqah7Wygi"
    }
  }]
}
Where Binding Credentials Live
Cloud Controller database (encrypted)
Cloud Controller REST API responses
● /v2/apps/:guid/env
● /v2/service_bindings/:guid
Staged application droplets
cf ssh
Manual ssh
Process Environment
Application Memory
Service Bindings With CredHub
$ cf bind-service app-name service-instance-name
create binding generate credentials
credentials with credhub-ref
PUT /data
"credentials": {
  "uri": "https://service-6yQVNrhZVP.example.com",
  "username": "VofTuQk2BH",
  "password": "fRqah7Wygi" }
"credentials": {
  "credhub-ref":
    "/c/my-broker/[instance-id]/[binding-id]/credentials" }
Cloud
Controller
Service
Broker
CredHub
Service Bindings
$ cf env app-name
"VCAP_SERVICES": {
  "service-name": [{
    "credentials": {
      "credhub-ref": "/c/my-broker/[instance-id]/[binding-id]/credentials"
    }
  }]
}
Credential Interpolation
CredHub
"VCAP_SERVICES": {
  "my-service": [{
    "credentials": {
      "credhub-ref": "/c/my-broker/1111/2222/credentials"
    }
  }]
}
"VCAP_SERVICES": {
  "service-name": [{
    "credentials": {
      "uri": "https://service-6yQVNrhZVP.example.com",
      "username": "VofTuQk2BH",
      "password": "fRqah7Wygi"
    }
  }]
}
POST /interpolate
interpolated credentials
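The interpolation step above, modelled locally as an added example (not code from the slides or from the CredHub project). The in-memory FAKE_CREDHUB store, the function names and the rule that any credentials object carrying a credhub-ref key counts as a reference are assumptions of this sketch; a real client sends VCAP_SERVICES to POST /interpolate instead.

```python
import copy
import json

# Constructed stand-in for the CredHub store (assumption: a plain dict keyed by
# credential path). The values are the sample credentials from the slides.
FAKE_CREDHUB = {
    "/c/my-broker/1111/2222/credentials": {
        "uri": "https://service-6yQVNrhZVP.example.com",
        "username": "VofTuQk2BH",
        "password": "fRqah7Wygi",
    },
}

# Constructed VCAP_SERVICES content, as a CredHub-enabled broker would deliver it.
VCAP_WITH_REF = json.loads("""
{
  "my-service": [
    {"name": "my-instance",
     "credentials": {"credhub-ref": "/c/my-broker/1111/2222/credentials"}}
  ]
}
""")


class UnresolvedReference(Exception):
    """A credhub-ref pointed at a path the store does not hold."""


def interpolate(vcap_services, store):
    """Return a copy of vcap_services with every credhub-ref replaced by the
    stored credential. The input is left untouched so the reference-only form
    can keep being the one that is logged or persisted."""
    resolved = copy.deepcopy(vcap_services)
    for service_name, bindings in resolved.items():
        for index, binding in enumerate(bindings):
            creds = binding.get("credentials")
            if not isinstance(creds, dict) or "credhub-ref" not in creds:
                continue  # inline credentials: nothing to resolve
            ref = creds["credhub-ref"]
            if ref not in store:
                # Fail closed: never hand the app a half-resolved binding.
                raise UnresolvedReference(f"{service_name}[{index}]: {ref}")
            binding["credentials"] = copy.deepcopy(store[ref])
    return resolved


def audit_inline_credentials(vcap_services):
    """Report bindings that still carry inline credentials instead of a
    credhub-ref. Only key names are returned, never the secret values."""
    findings = []
    for service_name, bindings in vcap_services.items():
        for index, binding in enumerate(bindings):
            creds = binding.get("credentials") or {}
            if creds and "credhub-ref" not in creds:
                findings.append((service_name, index, sorted(creds)))
    return findings


if __name__ == "__main__":
    print("before:", audit_inline_credentials(VCAP_WITH_REF))
    resolved = interpolate(VCAP_WITH_REF, FAKE_CREDHUB)
    print("after: ", audit_inline_credentials(resolved))
```

Running the audit over the reference-only document returns no findings, while the interpolated copy is flagged, which is why the resolved form should exist only where the application consumes it.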
Diego Cell
Diego
Assisted Credential Resolution
CredHub
App
cf push
create env
POST /interpolate
VCAP_SERVICES
Cloud
Controller
V##P_#####
VCAP_SERVICES
V##P_#####
Application Benefits of Using CredHub
Assisted Mode
Cloud Controller database (encrypted)
Cloud Controller REST API responses
● /v2/apps/:guid/env
● /v2/service_bindings/:guid
Staged application droplets
cf ssh
Non-Assisted Credential Resolution
Spring applications using Spring Cloud Connectors or Spring
Boot ${vcap.service.} properties will have framework
support to automate resolution
CredHub
POST /interpolate
VCAP_SERVICES
V##P_#####
Diego Cell
Diego
App
cf push
create env
Cloud
Controller
VCAP_SERVICES
V##P_#####
Application Benefits of Using CredHub
Assisted Mode
Cloud Controller database (encrypted)
Cloud Controller REST API responses
● /v2/apps/:guid/env
● /v2/service_bindings/:guid
Staged application droplets
cf ssh
Non-Assisted Mode
Cloud Controller database (encrypted)
Cloud Controller REST API responses
● /v2/apps/:guid/env
● /v2/service_bindings/:guid
Staged application droplets
cf ssh
Manual ssh
Process Environment
Application Memory
Availability
CredHub bits are included in
cf-deployment since version v0.36.0
Deployment manifest customization
required to enable secure service
binding credentials workflow
Starting in Pivotal CF 2.0
● Secure service binding credentials
support can be enabled or disabled
in PAS tile configuration
● Assisted mode only
Service brokers will be updated to support secure
binding credentials on their own release schedules
Learn More. Stay Connected.
How to Build Spring Services for Cloud-Native Platforms
Using the Open Service Broker API
Matthew McNeeney, Sam Gunaratne
Thursday 12:30 room 2004
#springone@s1p
SpringOne Platform 2017
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootSpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
 
SpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software Engineer
 
SpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeSpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs Practice
 
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsSpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
 

Recently uploaded

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

CredHub and Secure Credential Management

  • 1. CredHub and Secure Credential Management. Scott Frederick (@scottyfred), Peter Blum (@_pblum)
  • 4. Configuring Credentials
      - Verizon: Phone numbers, names and pin codes of six million customers were left unsecured online for nine days.
      - Accenture: Inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys.
      - Equifax: Website Secured By The Worst Username And Password Possible - `admin`, `admin`
      - Viacom: Owners of Paramount Pictures, Comedy Central, MTV, and hundreds of other properties—has exposed the keys to its kingdom on an unsecured Amazon S3 server.
  • 5. Leaked Credentials
      - Uber: Breach occurred when hackers discovered that the company's developers had published code that included their usernames and passwords on a private account of the software repository GitHub.
      - OneLogin breached: Hacker finds cleartext credential notepads
      - Deloitte is a sitting duck: VPN and proxy login details leaked
  • 6. Using Credentials
      - Equifax: Hackers roamed its systems undetected from mid-May through late July 2017, accessing files on nearly half the U.S. population.
      - 14 Years to Discover Data Breach: Tewksbury Hospital in Massachusetts, where a clerk inappropriately accessed the records of more than 1,000 patients between 2003 and 2017
      - Compromised Data goes undetected for days: According to the latest Protenus Breach Barometer, it took an average of 441 days for organizations to find out a breach occurred.
  • 7. Goals: a central point for credential
      - Generation
      - Storage
      - Rotation
      - Logging
      - Access Control
      [Chart labels: Time, Credential Config, Credential Leaks]
  • 8. User Groups
      - Operations - Infrastructure As Code
      - Developers - SPRING!
      [Diagram labels: CredHub, CLI, BOSH, REST API]
  • 11. Credential Types (http://docs.cloudfoundry.org/credhub/credential-types.html)
      - value - a simple string, used for configuration and other non-generated properties
      - password - a simple string, used for generated secrets
      - user - username and password pair
      - json - a JSON object
      - certificate - an object containing a root CA, certificate and private key
      - rsa - an object containing an RSA public key and private key
      - ssh - an object containing an SSH-formatted public key and private key
  • 12. REST API (https://credhub-api.cfapps.io)
      - Secured via Mutual TLS, and/or OAuth2 with UAA
      - Get/Set/Generate/Delete Credential
      - Get/Add/Delete Permission
      - Interpolate VCAP_SERVICES
  • 13. Java mapping to CredHub REST API
      - Supports all credential types and operations
      - Spring Boot auto-configuration support
      - Apps deployed to CF with Java Buildpack automatically negotiate mutual TLS
      - 1.0.0.RELEASE coming soon
  • 15. BOSH Deployments
      [Diagram labels: CredHub, BOSH, Generate Cred, Deploy Manifest, Backing SQL Database, Store Cred, Return Cred, Deployed Service with, Deploy Service]
  • 16. BOSH Benefits
      - Simplified Deployment Manifests
      - Relax Access to BOSH Director
      - Enables Sharing of Deployment Manifests
      [Slide shows two outputs of `$ bosh -e pcf -d pcf manifest` side by side, labelled "vs"]
  • 17. Availability
      - Starting with Release Version 262
      - Starting in Pivotal CF 1.11
          ● Ops Manager deploys CredHub with BOSH director
  • 19. Service Bindings
      $ cf create-service service-name plan service-instance-name
      [Diagram labels: Cloud Controller, Service Broker, Create Instance, Provision Resources, Details]
      $ cf bind-service app-name service-instance-name
      [Diagram labels: Cloud Controller, Service Broker, Create Binding, Generate Credentials, Credentials]
      "credentials": {
        "uri": "https://service-6yQVNrhZVP.example.com",
        "username": "VofTuQk2BH",
        "password": "fRqah7Wygi"
      }
  • 20. Service Bindings
      $ cf env app-name
      "VCAP_SERVICES": {
        "service-name": [{
          "credentials": {
            "uri": "https://service-6yQVNrhZVP.example.com",
            "username": "VofTuQk2BH",
            "password": "fRqah7Wygi"
          }
        }]
      }
  • 21. Where Binding Credentials Live
      - Cloud Controller database (encrypted)
      - Cloud Controller REST API responses
          ● /v2/apps/:guid/env
          ● /v2/service_bindings/:guid
      - Staged application droplets
      - cf ssh
      - Manual ssh
      - Process Environment
      - Application Memory
  • 22. Service Bindings With CredHub
      $ cf bind-service app-name service-instance-name
      [Diagram labels: Cloud Controller, Service Broker, CredHub, create binding, generate credentials, PUT /data, credentials with credhub-ref]
      Credentials sent with PUT /data:
      "credentials": {
        "uri": "https://service-6yQVNrhZVP.example.com",
        "username": "VofTuQk2BH",
        "password": "fRqah7Wygi"
      }
      Credentials with credhub-ref:
      "credentials": {
        "credhub-ref": "/c/my-broker/[instance-id]/[binding-id]/credentials"
      }
  • 23. Service Bindings
      $ cf env app-name
      "VCAP_SERVICES": {
        "service-name": [{
          "credentials": {
            "credhub-ref": "/c/my-broker/[instance-id]/[binding-id]/credentials"
          }
        }]
      }
  • 24. Credential Interpolation
      Sent to CredHub with POST /interpolate:
      "VCAP_SERVICES": {
        "my-service": [{
          "credentials": {
            "credhub-ref": "/c/my-broker/1111/2222/credentials"
          }
        }]
      }
      Interpolated credentials returned:
      "VCAP_SERVICES": {
        "service-name": [{
          "credentials": {
            "uri": "https://service-6yQVNrhZVP.example.com",
            "username": "VofTuQk2BH",
            "password": "fRqah7Wygi"
          }
        }]
      }
  • 25. Assisted Credential Resolution
      [Diagram labels: cf push, Cloud Controller, create env, Diego, Diego Cell, App, CredHub, POST /interpolate, VCAP_SERVICES, V##P_#####]
  • 26. Application Benefits of Using CredHub
      Assisted Mode:
      - Cloud Controller database (encrypted)
      - Cloud Controller REST API responses
          ● /v2/apps/:guid/env
          ● /v2/service_bindings/:guid
      - Staged application droplets
      - cf ssh
  • 27. Non-Assisted Credential Resolution
      Spring applications using Spring Cloud Connectors or Spring Boot ${vcap.service.} properties will have framework support to automate resolution
      [Diagram labels: cf push, Cloud Controller, create env, Diego, Diego Cell, App, CredHub, POST /interpolate, VCAP_SERVICES, V##P_#####]
  • 28. Application Benefits of Using CredHub
      Assisted Mode:
      - Cloud Controller database (encrypted)
      - Cloud Controller REST API responses
          ● /v2/apps/:guid/env
          ● /v2/service_bindings/:guid
      - Staged application droplets
      - cf ssh
      Non-Assisted Mode:
      - Cloud Controller database (encrypted)
      - Cloud Controller REST API responses
          ● /v2/apps/:guid/env
          ● /v2/service_bindings/:guid
      - Staged application droplets
      - cf ssh
      - Manual ssh
      - Process Environment
      - Application Memory
  • 29. Availability
      - CredHub bits are included in cf-deployment since version v0.36.0
      - Deployment manifest customization required to enable secure service binding credentials workflow
      - Starting in Pivotal CF 2.0
          ● Secure service binding credentials support can be enabled or disabled in PAS tile configuration
          ● Assisted mode only
      - Service brokers will be updated to support secure binding credentials on their own release schedules
  • 30. Learn More. Stay Connected. How to Build Spring Services for Cloud-Native Platforms Using the Open Service Broker API (Matthew McNeeney, Sam Gunaratne), Thursday 12:30, room 2004. #springone @s1p
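
The reference-then-interpolate flow of slides 22 to 24, and the exposure list of slide 21, as an added example that is not code from the deck or from CredHub. Assumptions: a dictionary stands in for CredHub's store, `may_read` is a hypothetical access-control hook, and the `name` fields and the `legacy-service` binding are constructed sample data.

```python
import copy
import json

# Constructed sample: one broker stores its binding in CredHub, one does not.
SAMPLE_VCAP = json.loads("""
{
  "my-service": [{
    "name": "db-1",
    "credentials": {"credhub-ref": "/c/my-broker/1111/2222/credentials"}
  }],
  "legacy-service": [{
    "name": "cache-1",
    "credentials": {"uri": "https://cache.example.com",
                    "password": "constructed-secret"}
  }]
}
""")

# Stand-in for CredHub's store (assumption: a dict keyed by credential name).
FAKE_CREDHUB = {
    "/c/my-broker/1111/2222/credentials": {
        "uri": "https://service-6yQVNrhZVP.example.com",
        "username": "VofTuQk2BH",
        "password": "fRqah7Wygi",
    }
}

REF_KEY = "credhub-ref"


def audit_bindings(vcap):
    """Classify each binding as 'reference' (only a credhub-ref) or 'inline'.

    An 'inline' binding carries its secrets everywhere VCAP_SERVICES is
    copied: the Cloud Controller database, API responses, droplets.
    """
    report = {}
    for service, bindings in vcap.items():
        for binding in bindings:
            creds = binding.get("credentials", {})
            label = f"{service}/{binding.get('name', '?')}"
            report[label] = "reference" if set(creds) == {REF_KEY} else "inline"
    return report


def interpolate(vcap, store, may_read=lambda ref: True):
    """Return a copy of vcap with each credhub-ref replaced by the stored value.

    Raises KeyError for an unknown reference and PermissionError when the
    hypothetical may_read hook denies the caller.
    """
    resolved = copy.deepcopy(vcap)
    for bindings in resolved.values():
        for binding in bindings:
            creds = binding.get("credentials", {})
            if set(creds) != {REF_KEY}:
                continue  # inline credentials pass through untouched
            ref = creds[REF_KEY]
            if not may_read(ref):
                raise PermissionError(f"read denied for {ref}")
            binding["credentials"] = copy.deepcopy(store[ref])
    return resolved


if __name__ == "__main__":
    print(audit_bindings(SAMPLE_VCAP))
    print(json.dumps(interpolate(SAMPLE_VCAP, FAKE_CREDHUB), indent=2))
```
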